1. Technological Field
The present disclosure relates generally to the field of communications systems, and more particularly in one exemplary aspect, to wireless systems that allow user devices to authenticate to wireless networks (e.g., cellular networks, WLANs, WMANs, etc.) using access control clients.
2. Description of Related Technology
Access control is required for secure communication in most prior art wireless radio communication systems. As an example, one simple access control scheme might comprise: (i) verifying the identity of a communicating party, and (ii) granting a level of access commensurate with the verified identity. Within the context of an exemplary cellular system (e.g., Universal Mobile Telecommunications System (UMTS)), access control is governed by an access control client, referred to as a Universal Subscriber Identity Module (USIM) in the exemplary UMTS context, executing on a physical Universal Integrated Circuit Card (UICC). The USIM authenticates the subscriber to the UMTS cellular network. After successful authentication, the subscriber is allowed access to the cellular network.
Common implementations of USIM software are based on the Java Card™ programming language. Java Card is a subset of the Java™ programming language that has been modified for embedded “card” type devices (such as the aforementioned UICC).
Traditionally, the USIM performs the well-known Authentication and Key Agreement (AKA) procedure, which verifies and decrypts the applicable data and programs to ensure secure initialization. Specifically, the USIM must both (i) successfully answer a remote challenge to prove its identity to the network operator, and (ii) issue a challenge to verify the identity of the network. USIM-based access control is limited to only a single Mobile Network Operator (MNO) at a time.
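The two-way challenge described above can be sketched as follows; this is an added example, not code from the disclosure or from any USIM implementation. It assumes HMAC-SHA256 over a pre-shared key as a stand-in for the operator's AKA algorithms, and the `Party`, `respond` and `mutual_auth` names and the role labels are hypothetical; sequence numbers and session-key derivation are omitted.

```python
import hashlib
import hmac
import secrets


def respond(key: bytes, role: bytes, challenge: bytes) -> bytes:
    """Answer a challenge. HMAC-SHA256 is an assumed stand-in for the AKA
    functions; binding the responder's role defeats reflected answers."""
    return hmac.new(key, role + b"|" + challenge, hashlib.sha256).digest()


class Party:
    """One side of the exchange (hypothetical helper class)."""

    def __init__(self, role: bytes, peer_role: bytes, key: bytes):
        self.role, self.peer_role, self.key = role, peer_role, key
        self.pending = None  # challenge currently awaiting an answer

    def issue_challenge(self) -> bytes:
        self.pending = secrets.token_bytes(16)  # fresh random challenge
        return self.pending

    def answer(self, challenge: bytes) -> bytes:
        return respond(self.key, self.role, challenge)

    def verify(self, response: bytes) -> bool:
        if self.pending is None:
            return False  # nothing outstanding: a replayed answer is rejected
        expected = respond(self.key, self.peer_role, self.pending)
        self.pending = None  # each challenge is single use
        return hmac.compare_digest(expected, response)  # constant-time compare


def mutual_auth(usim: Party, network: Party) -> bool:
    # (i) the network challenges the USIM, which proves its identity
    if not network.verify(usim.answer(network.issue_challenge())):
        return False
    # (ii) the USIM challenges the network to verify the network's identity
    return usim.verify(network.answer(usim.issue_challenge()))


if __name__ == "__main__":
    shared = secrets.token_bytes(16)  # constructed sample subscriber key
    usim = Party(b"USIM", b"NET", shared)
    net = Party(b"NET", b"USIM", shared)
    print("mutual authentication:", mutual_auth(usim, net))
```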
Existing USIM solutions are hard-coded to the physical UICC card media; the subscriber needs a new UICC to change USIM operation. This can be detrimental to both MNOs and subscribers; for example, if the authentication procedures are “broken” (e.g., via malicious “hacking” or other such activities), the subscriber must be issued a new UICC, and this process is both time-consuming and expensive.
Moreover, various practical considerations limit each physical UICC to only support a single USIM entity; existing solutions are not suitable for handling multiple USIM profiles within the same UICC.
For at least the foregoing reasons, improved solutions for security that do not rely on physical hardware are required. Ideally, such solutions would operate without a physical UICC, yet provide levels of fraud deterrence equivalent to those of their physical counterparts, and would be flexible in their ability to handle different SIM profiles.